Support proper parsing of IPs with leading zeros #3138
Conversation
arkadeepsen
force-pushed
the
leading-zeros
branch
2 times, most recently
from
70cc1a4
to
c6aec2e
Compare
|
@martinkennelly PTAL |
|
/retest-failed |
|
Hey @arkadeepsen, as we discussed, we need to add ips validation for all k8s objects that can set ips (and CIDRs) |
Makes more sense @npinaeva. I'll make the appropriate changes. |
arkadeepsen
force-pushed
the
leading-zeros
branch
4 times, most recently
from
8c977e4
to
4e83aae
Compare
|
/retest |
|
/retest-failed |
|
Oops, something went wrong: |
|
/retest-failed |
|
Oops, something went wrong: |
| @@ -17,11 +16,14 @@ import ( | |||
| "strings" | |||
| "testing" | |||
|
|
|||
| "k8s.io/client-go/kubernetes" | |||
|
|
|||
There was a problem hiding this comment.
Sure. Will remove it.
arkadeepsen
force-pushed
the
leading-zeros
branch
from
c7f1217
to
965cff9
Compare
|
I am a bit confused by changes like |
I will make these changes and push separate commits.
The |
arkadeepsen
force-pushed
the
leading-zeros
branch
from
be580db
to
ec3d128
Compare
@npinaeva I have pushed 2 separate commits. One for replacing the |
|
/lgtm |
| @@ -104,14 +105,14 @@ func (pi *PodInfo) String() string { | |||
| } | |||
|
|
|||
| func (si SvcInfo) getL3Ver() string { | |||
| if net.ParseIP(si.ClusterIP).To4() != nil { | |||
| if utilnet.ParseIPSloppy(si.ClusterIP).To4() != nil { | |||
There was a problem hiding this comment.
You need to use the sloppy functions when parsing k8s API objects, but for other objects, it would be better to make sure that they only ever contain valid IP addresses. So, eg, here, it would be better to change getSvcInfo to set si.ClusterIP using ValidateAndGetIPString(). Or alternatively, make si.ClusterIP a net.IP rather than a string, and set it with utilnet.ParseIPSloppy(svc.Spec.ClusterIP).
(This comment applies everywhere; I'm not going to comment in each place.)
There was a problem hiding this comment.
Sure. I'll make the appropriate changes. For parsing IPs and CIDRs from the annotation of various objects like namespace, pod, etc., should we use the sloppy version of functions or the parse functions from the net package?
There was a problem hiding this comment.
If you have to deal with possibly-bad values in those annotations written by old versions of ovn-kubernetes, then you need to use the sloppy functions. If not, then you don't.
There was a problem hiding this comment.
I checked the value assignment to the annotations of all the objects and didn't find any bad values (IP or CIDR) being assigned.
Wherever IP strings are being used directly from the k8s API objects I have used ValidateAndGetIPString to get the valid IP address first, and then assigned it to other variables or struct fields.
| _, dpuSubnet, _ := net.ParseCIDR("10.0.0.101/24") | ||
| nodeIP := net.ParseIP("10.0.1.11") | ||
| _, dpuSubnet, _ := utilnet.ParseCIDRSloppy("10.0.0.101/24") | ||
| nodeIP := utilnet.ParseIPSloppy("10.0.1.11") |
There was a problem hiding this comment.
You don't need to use the sloppy functions for const strings that you know are valid.
net.ParseIP and net.ParseCIDR should still be the default for parsing IPs/CIDRs. The sloppy versions should only be used in contexts where you need to accept invalid strings as user input for backward-compatibility reasons. (Basically, the parameter passed to ParseIPSloppy or ParseCIDRSloppy should almost always be exactly one of the items in your list in the initial PR description (service.Spec.ClusterIP, endpointSlice.Endpoints[*].Addresses, etc)
(EDIT: or, as above, if we were previously copying the bad values from those fields into an annotation, then you'll need to use the sloppy functions for that annotation too.)
There was a problem hiding this comment.
I have reverted the changes in the unit test files where valid const strings are being used.
go-controller/pkg/util/util.go
Outdated
|
|
||
| // ValidateAndGetIPString validates the IP address and returns the IP in | ||
| // string format removing any leading zeros. | ||
| func ValidateAndGetIPString(ip string) (string, error) { |
There was a problem hiding this comment.
If you are only using this function for IPs in kubernetes API objects, then those fields have already been validated, so you know they contain IPs that are valid according to net.ParseIP, and it's just a matter of removing the leading zeros. In which case, you don't need to return an error.
There was a problem hiding this comment.
I am still returning the error from this function, but I have removed the error checking whenever it's called for any k8s API object. If this function is used for other strings which are not valid IPs then it will panic. Though this function is only being used for k8s API objects as of now.
There was a problem hiding this comment.
- The existing commits should be squashed
- This appears to have a bunch of "go 1.19 gofmt changes" mixed in with the actual IP parsing changes. It would be better to undo those. If you can't, then this should wait until Update comment formatting for Go 1.19 #3207 merges and then be rebased on top of that.
- The PR would be a lot simpler if you removed the unused error return from
ValidateAndGetIPString. If someone needed a version that also works on unvalidated strings later, then they could add that later. You could also rename the function to make it clearer that it requires an already-validated IP string so people don't mistakenly use it on unvalidated IP strings later. But anyway, I'm not going to say you have to change that if you think this way is better.
lgtm with the first two points (at least) fixed, but I feel like someone who is still active in ovn-k development should do the actual merging
arkadeepsen
force-pushed
the
leading-zeros
branch
from
ff28120
to
882fcc6
Compare
…Sloppy and ParseCIDRSloppy of k8s.io/utils/net package respectively for k8s API objects. This is done to allow IPs and CIDRs with leading zeros to be parsed without any error. Additionally have added conversion of any IP in string format to net.IP format and then conversion to string format again to remove any leading zeros. Signed-off-by: arkadeepsen <arsen@redhat.com>
arkadeepsen
force-pushed
the
leading-zeros
branch
from
882fcc6
to
dbe0a91
Compare
I have squashed the existing commits.
I have undone those changes. I also have rebased after #3207 is merged.
I have removed the error checking. However, after removing the error checking it just becomes a single line function. So I have removed the function altogether and replaced wherever it was called with |
Changed all ParseIP and ParseCIDR functions of net package to ParseIPSloppy and ParseCIDRSloppy of k8s.io/utils/net package respectively for k8s API objects. This is done to allow IPs and CIDRs with leading zeros to be parsed without any error.
Additionally have added conversion of any IP in string format to net.IP format and then conversion to string format again to remove any leading zeros.
Following set of IP strings are validated:
service.Spec.ClusterIPservice.Spec.ClusterIPsservice.Spec.ExternalIPsservice.Status.LoadBalancer.Ingress[*].IPnode.Status.Addresses[*].Address(for address typesNodeInternalIPandNodeExternalIP)endpointSlice.Endpoints[*].Addressespod.Status.PodIPpod.Status.PodIPs[*].IPSigned-off-by: Arkadeep Sen arsen@redhat.com
Fixes: https://issues.redhat.com/browse/OCPBUGS-463